Tactic 1: Adopt Least Privilege
Zaid Arafeh, Clare Kearney, Microsoft Services Cybersecurity

Agenda
• Part I: Understanding Tier-0
• Part II: Minimizing Privilege
Tier model (figure): Tier-0: AD forest, security dependencies, global access control (AD service & dependencies, AD data). Tier-1: Enterprise data & services. Tier-2: Devices and users.

AD Forest
• The Domain Admins group
• Members of the Backup Operators group
• A Domain Controller (DC)
• A virtualization host running a DC
• A Config Manager server managing a DC
• Ensuring that the size of tier-0 is kept to a minimum. Ex:
• Effectively protecting tier-0 components. Ex:
AND TREAT THEM AS SUCH
• Steal NTDS.DIT
• SID History attacks
• Change default security descriptors
• Deploy malware
• Disguise legitimate tools as updates to call malware
• Link a malicious GPO to an entire site

• For built-in Tier-0 groups
• For resource management
• For tier management
• For service accounts

• Minimize privileged group membership
• Configure alerting on privileged groups
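The two recommendations above, as an added example that is not from the deck or from Microsoft: a Windows PowerShell 5.1 audit that compares the membership of the built-in Tier-0 groups against an approved baseline and writes an event for alerting. The group list, the baseline file path and the event source name are assumptions for this example.

```powershell
# Added example: audit built-in Tier-0 group membership against an approved
# baseline and raise an event when it drifts. Assumes the RSAT ActiveDirectory
# module, a domain account with read access, and a JSON baseline file such as
# {"Domain Admins":["da-alice"],"Backup Operators":[]} (path below is a placeholder).
Import-Module ActiveDirectory

# Groups whose membership grants Tier-0 control (assumed list; adjust to your forest).
$Tier0Groups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Backup Operators', 'Account Operators', 'Server Operators', 'Print Operators'
)
$BaselinePath = 'C:\Tier0\approved-members.json'   # placeholder path
$Baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json

$Findings = foreach ($Group in $Tier0Groups) {
    # -Recursive expands nested groups, so indirect membership is caught too.
    $Actual = @(Get-ADGroupMember -Identity $Group -Recursive -ErrorAction Stop |
                Select-Object -ExpandProperty SamAccountName | Sort-Object -Unique)
    # A group absent from the baseline has no approved members at all.
    $Approved = @($Baseline.$Group | Where-Object { $_ })

    # Present but not approved = unexpected privilege; approved but absent = stale baseline.
    foreach ($Member in ($Actual | Where-Object { $_ -notin $Approved })) {
        [pscustomobject]@{ Group = $Group; Member = $Member; Status = 'UNAPPROVED' }
    }
    foreach ($Member in ($Approved | Where-Object { $_ -notin $Actual })) {
        [pscustomobject]@{ Group = $Group; Member = $Member; Status = 'MISSING' }
    }
}

if ($Findings) {
    $Findings | Format-Table -AutoSize
    # Write to the Application log so the SIEM can alert on this event id.
    # The source must be registered once: New-EventLog -LogName Application -Source 'Tier0Audit'
    $Message = ($Findings | ForEach-Object { "$($_.Group): $($_.Member) [$($_.Status)]" }) -join "`n"
    Write-EventLog -LogName Application -Source 'Tier0Audit' -EntryType Warning `
                   -EventId 9001 -Message $Message
} else {
    Write-Output 'All Tier-0 group memberships match the approved baseline.'
}
```

Run it on a schedule from a Tier-0 administrative host; any UNAPPROVED line is a membership that was never reviewed, and the baseline file itself should be kept under change control.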
• Tactic #2: Protect Privileged Identities
• AD ACL Scanner Tool by Robin Granberg
• Active Directory Group Descriptions
• Need help from Microsoft Services Cybersecurity? Cyber.RFI@microsoft.com